Blog :: Security Operations

How to Recognize a Voice Phishing Attempt

Not all phishing attempts come in through your email. Has someone ever called you to offer you a free vacation, or to ask you to participate in a survey, and then asked you for sensitive information? They were attempting voice phishing, sometimes called “vishing.”

My Encounter With Voice Phishing

Recently, I moved out of an apartment, so I had had to leave information such as my phone number and previous address with many people. Soon after, I started getting daily calls from a number I didn’t recognize. The number included my area code, so around the 5th time they called, I picked up.

The person on the other end claimed to be calling from the company that had provided my propane. He knew my old apartment’s address and knew that I had canceled my account with that company, so I believed that he was indeed from the company. Next, he asked me to complete a short survey. Wanting to be friendly and help him out, I agreed.

The very first question he asked was my name; that’s when alarm bells started going off in my head.  I thought, “If he had all that information, he must have my account pulled up in front of him. How on earth could he not know my name?” I hung up without another word and I haven’t received another call since, despite his initial persistence. I also double-checked the official phone number of the company, and it was completely different from the number he was calling from.

Is there a chance I was being too paranoid, and he wasn’t voice phishing after all? Sure. But at Plixer, we take a “Better safe than sorry” approach to security. Unfortunately, voice phishing isn’t uncommon, and a lot of people too easily provide sensitive information like credit card numbers. You may even be sent to a recorded message that asks you to input your credit card number with the number pad.

voice phishing

Voice Phishing Lures

A fake survey is only one of the ways people may try to draw you into a voice phishing scam. Here are some others that the Federal Trade Commission reports:

  • Travel packages
  • Credit and loan offers
  • Sham or exaggerated business and investment opportunities
  • Charitable causes
  • High-stakes foreign lotteries (these are actually illegal anyway)
  • Extended car warranties
  • “Free” trial offers

Who Else is at Risk?

It’s not just individuals at risk, either.  Businesses, particularly charitable organizations, non-profits, and small businesses, are targets for voice phishing as well. According to a news article from the Federal Trade Commission, a federal court temporarily halted and froze the assets of an operation that used voice phishing to scam millions of dollars from victim organizations. They would call companies and claim to be going out of business, offering office supplies and low prices. They would be deceptive about the actual price, or send unordered merchandise along with an invoice. If the victim organizations wanted to return the supplies, they had to pay a “restocking fee” of 15% the invoice amount.

It’s easier to trust a voice on a phone than to trust an email, which may be why some scammers opt for voice phishing. But always be on alert, don’t give away personal information, and you’ll be able to protect yourself from scam attempts.

For more infosec news and cybersecurity tips, follow @Plixer on Twitter.